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DETAILED ACTION 


Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by Sing et al. (US 
2003/0088698 Al), hereinafter referred to as Singh. 

Regarding claims 1, 9, and 15, Singh discloses a VPN failure recovery for rapid failover 
of a communication path between computers that are linked by redundant virtual links in a 
virtual private network, which comprises: 

A first hub node serving client equipment (CE) devices connected on a first ELAN, a 
spoke node serving CE devices on a second ELAN; a first point-to-point link LI for 
interconnecting said first hub node and said spoke node; means for detecting a failure of said 
first point-to-point link LI, and for transmitting a corresponding failure notice; a second hub 
node interconnected with said first hub node, means for establishing a redundant point-to-point 
link L2 from said second hub node to said spoke node in response to said failure notice (Note, 
where means plus function language is used to define the characteristics of a machine or 
manufacture invention, such language must be interpreted to read on only the structures or 
materials disclosed in the specification and "equivalents thereof that correspond to the recited 
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function. Referring to Figures 1 and 2, Communication between clients 110 (client equipment) 
and servers 160 passes through public network 130 over virtual links of a virtual private network 
(VPN) (ELAN). At the site of each client 1 10, an access device 120 is coupled on the 
communication path between client 110 and public network 130 (second ELAN). Each access 
device 120 establishes VPN tunnels 135 to two or more gateways 140 (first hub node and second 
hub node). Each tunnel makes use of the IPSec protocol to transport and encrypt packets passing 
between access devices 120 and gateways 140. Each IPSec tunnel carries a PPP (Point-to-Point 
Protocol) data stream that is transported using a GRE (Generic Routing and Encapsulation) 
protocol. In this way, each tunnel provides a virtual link between the access device 120 and the 
gateway 140 at its endpoints. Different tunneling protocols, such as native IPSec tunneling, or 
L2TP or PPTP based tunnels are used to link the access devices and the gateways, and 
combinations of different tunneling protocols are used to link different clients to the servers. See 
paragraph 0055. Following link failures, communication from the tunnel 135 linking access 
device 120A and primary gateway 140A to the tunnel 135 linking access device 120A and 
backup gateway 140B. For example, if client 1 10A (means for detecting a failure) had active 
transport layer sessions with both server 160A and 160B (illustrated as paths 210), then after the 
failover, these transport sessions follow paths through backup gateway HOB (means for 
establishing a point-to-point link. See paragraph 0059.) 

Regarding claims 2 and 13, Singh discloses wherein said second hub node operates as a 
spoke node of first said hub node under based on an absence of failure notice (Referring to 
Figures 1 and 2, following link failures, communication from the tunnel 135 linking access 
device 120 A and primary gateway 140 A to the tunnel 135 linking access device 120 A and 
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backup gateway 140B (which operates as a node of the primary gateway under normal 
conditions). For example, if client 1 10A had active transport layer sessions with both server 
160A and 160B (illustrated as paths 210), then after the failover, these transport sessions follow 
paths through backup gateway MOB). See paragraph 0059.) 

Regarding claims 3 and 14, Singh discloses wherein said first hub node is capable of 
operating as a spoke node of said second hub node when said first hub node fails (Referring to 
Figures 1 and 2, following link failures, communication from the tunnel 135 linking access 
device 120A and primary gateway 140A (capable of operating as a spoke node of the backup 
gateway when the primary gateway fails) to the runnel 135 linking access device 120A and 
backup gateway HOB. For example, if client 1 10A had active transport layer sessions with both 
server 160A and 160B (illustrated as paths 210), then after the failover, these transport sessions 
follow paths through backup gateway MOB. See paragraph 0059.) 

Regarding claims 4 and 12, Singh discloses wherein said means for detecting a failure of 
said first point-to-point link LI is a first PE node interfacing said first hub with said service 
provider network monitors said first link LI for detecting a failure at said hub node (Referring to 
Figures 1-3, Each access device 120 (PE node) has a similar logical arrangement as that shown 
for gateway 140 in FIG. 3. A heartbeat module in an access device sends heartbeats to the 
gateways 140 to which it has tunnels. If the primary gateways fails to respond (layer 1 signaling 
protocol), the access device terminates the tunnel and the router module immediately starts 
passing packets from client 110 over a tunnel 135 to a backup gateway 135. The tunnel module 
then begins and continues to try to reestablish a tunnel to the primary gateway. The router 
module at the access device sends a request to the router module at the backup gateway to send 
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updated routing information rather than waiting to periodic routing updates it would send as part 
of normal operation of the route update protocol. See paragraph 0064.) 

Regarding claims 5,10, and 11, Singh discloses wherein said establishing a redundant 
point-to-point link L2 in response to said failure notice includes said first PE node signaling said 
second PE node to establish a second point-to-point link with said second hub node, and to re- 
map the traffic from said second hub node over said second point-to-point link and, in response, 
said second PE node establishes the second point-to-point link with said second hub node, and 
re-maps the traffic from said second hub node over said second point-to-point link (Referring to 
Figures 1-3 and 5C, a heartbeat failure from an access device 120 to a gateway 140 results in the 
following sequence of events. Access device 120 detects a heartbeat failure. The access device 
terminates the tunnel if it has not already been terminated (for example by the gateway under the 
scenario shown in FIG. 5B). At each access device 120 that has had the tunnel to its primary 
gateway terminated, the router module begins rerouting traffic to the backup gateway. The 
access device also request updated routing information from the backup gateway. The backup 
gateway sends the updated routing information in response to the request from the access device. 
After any tunnel to an access device is terminated, the access device begins to try to reestablish 
the tunnel. However, the gateway that terminated the tunnel does not accept the requests to 
reestablish the tunnels until it is one again successfully receiving replies to the heartbeat 
messages it is sending to servers 160. In various examples of this approach, private network 150 
can include a variety of different types of routing "fabrics." For example, private network 150 
can be configured to be statically routed or to use a dynamic routing protocol such as OSPF. See 
paragraphs 0078-0082.) 
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Regarding claims 6 and 16, Singh discloses wherein the access link between said spoke 
node and said second PE node is an aggregated bundle of links comprising a redundant link 
(Referring to Figures 1-3 and 5C, a heartbeat failure from an access device 120 to a gateway 140 
results in the following sequence of events. Access device 120 detects a heartbeat failure. The 
access device terminates the tunnel if it has not already been terminated (for example by the 
gateway under the scenario shown in FIG. 5B). At each access device 120 that has had the 
tunnel to its primary gateway terminated, the router module begins rerouting traffic to the backup 
gateway. The access device also request updated routing information from the backup gateway. 
The backup gateway sends the updated routing information in response to the request from the 
access device. After any tunnel to an access device is terminated, the access device begins to try 
to reestablish the tunnel (aggregated bundle of links comprising a redundant link). See 
paragraphs 0078-0082.) 

Regarding claims 7 and 17, Singh discloses wherein connectivity between said second PE 
node and said spoke node is maintained when a link on said respective aggregated bundle is 
interrupted (Referring to Figures 1-3 and 5C, a heartbeat failure from an access device 120 to a 
gateway 140 results in the following sequence of events. Access device 120 detects a heartbeat 
failure. The access device terminates the tunnel if it has not already been terminated (for 
example by the gateway under the scenario shown in FIG. 5B). At each access device 120 that 
has had the tunnel to its primary gateway terminated, the router module begins rerouting traffic 
to the backup gateway. The access device also request updated routing information from the 
backup gateway. The backup gateway sends the updated routing information in response to the 
request from the access device. After any tunnel to an access device is terminated, the access 
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device begins to try to reestablish the tunnel (connectivity is maintained when a link of the 
respective bundle is interrupted). See paragraphs 0078-0082.) 

Regarding claims 8 and 18, Singh discloses wherein the loss of a link in said aggregated 
bundle is transparent to said spoke node (Referring to Figures 1-3 and 5C, a heartbeat failure 
from an access device 120 to a gateway 140 results in the following sequence of events. Access 
device 120 detects a heartbeat failure. The access device terminates the tunnel if it has not 
already been terminated (for example by the gateway under the scenario shown in FIG. 5B). At 
each access device 120 that has had the tunnel to its primary gateway terminated, the router 
module begins rerouting traffic to the backup gateway. The access device also request updated 
routing information from the backup gateway. The backup gateway sends the updated routing 
information in response to the request from the access device. After any tunnel to an access 
device is terminated, the access device begins to try to reestablish the tunnel (the loss of a link is 
transparent because the path is rerouted and service is not interrupted). See paragraphs 0078- 
0082.) 

Response to Arguments 

3. Applicant's arguments filed 05 January 2009 have been fully considered but they are not 
persuasive. 

Rejection Under 35 U.S.C. 102 

On page 14 of the remarks, regarding claims 1-18, the Applicant argues Singh does not 
disclose all of the claim limitations of claims 1 and 9. The Examiner respectfully disagrees. The 
Applicant states the elements of Singh are not taught by Singh because the reference does not 


Application/Control Number: 10/724,775 Page 8 

Art Unit: 2416 

utilize the exact language of the claims. However, the Applicant fails to set forth whether the 
claims functionally or structurally differ from the network of Singh. The Applicant's arguments 
fail to comply with 37 CFR 1.1 1 1(b) because they amount to a general allegation that the claims 
define a patentable invention without specifically pointing out how the language of the claims 
patentably distinguishes them from the references. Singh discloses a functionally and 
structurally equivalent virtual redundant links in a virtual private network. Therefore, all of the 
claim limitations are disclosed. 

Conclusion 

4. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DONALD L. MILLS whose telephone number is (571)272-3094. 
The examiner can normally be reached on 9:00 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Chi Pham can be reached on 571-272-3 179. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


/Donald L Mills/ 
Examiner, Art Unit 2416 
March 30, 2009 


